Policy-based transparent proxying

Igor Dombrovan igor at chorus.ru
Tue Jun 1 04:11:19 PDT 2004


Hi guys

Suppose my FreeBSD machine is a router/firewall for a small private network
and I use transparent proxying. ipnat.conf looks like this:

rdr fxp0 192.168.0.254/32 port 80 -> 192.168.0.254 port 8000 tcp 
rdr fxp0 0/0 port 80 -> 192.168.0.254 port 3128 tcp 
map dc0 192.168.0.0/24 -> x.x.x.x/32 proxy port ftp ftp/tcp 
map dc0 192.168.0.0/24 -> x.x.x.x/32 portmap tcp/udp auto 
map dc0 192.168.0.0/24 -> x.x.x.x/32

fxp0 being the internal iface and dc0 the external one.

Now suppose I shall have one more subnet - 192.168.1.0/24 - and I want to nat
it to another external IP address and make it use a different proxy. With
nat it's rather clear, but as to using a separate proxy - man 5 ipnat and
practice say I can't use a "from" clause in rdr. Any ideas (except switching
to ipfw)?

Thanks all for your attention
Igor



More information about the freebsd-questions mailing list